Firewall Wizards mailing list archives

Re: NAT sanity check

From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 5 Nov 2007 16:18:00 -0500

I've got a /29 public network, addresses (say) .2 to .6, with default

gateway of .1.  Can I

place a Checkpoint firewall on .2 and have it use the remaining addresses

for NAT'd services

on the other side of the firewall?


Sure, you can use .3-.6 for publishing services to the internet (Check Point
calls it "static NAT") and use .2 for the firewall's outside interface and
also for outbound network traffic (Check Point calls this "hide NAT").  With
a /29 subnet, the first and eighth addresses (.0 and .7) are reserved and
cannot be used.

Also, would it work if the firewall was a PIX?


Yes.  


PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

NAT sanity check David Steele (Nov 05)
- Re: NAT sanity check Darden, Patrick S. (Nov 07)
- Re: NAT sanity check James (Nov 07)
- Re: NAT sanity check Paul Melson (Nov 07)
- <Possible follow-ups>
- Re: NAT sanity check Halchishak, John (Nov 07)